Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/09/2024, 18:19
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://shorturl.at/f85C4
- Resource: win10v2004-20240802-en
General
- Target: https://shorturl.at/f85C4
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3684  msedge.exe (2 entries)
  4148  msedge.exe (2 entries)
  1272  identity_helper.exe (2 entries)
  4692  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  4148  msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4148  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4148  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; each row below is repeated in the report, 64 entries in total)
  description                       pid   Process     procid_target
  PID 4148 wrote to memory of 4344  4148  msedge.exe  83
  PID 4148 wrote to memory of 4412  4148  msedge.exe  84
  PID 4148 wrote to memory of 3684  4148  msedge.exe  85
  PID 4148 wrote to memory of 1956  4148  msedge.exe  86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4148)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorturl.at/f85C4
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc437c46f8,0x7ffc437c4708,0x7ffc437c4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1192)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12945086820798223138,18192857183305400519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3504)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3032)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
- Filesize: 464B
  MD5: 266db589a3442ea179779737f3789bd3
  SHA1: ad5f1e0343b7f24611d27190fac67217d04386f7
  SHA256: 9e643855e45c5172125ed70e67a7e23c5cfc5ae77a179b7dcdd4f41b997917c2
  SHA512: 16d444b9851c10e752f212b85b5f8e2fe27fe775e5a6deb7f65119546929c5fcb44752157e39f205d19319411a117e52108e2062276cd62964d1ed66729fb48e
- Filesize: 6KB
  MD5: 61e72e294fc63bbbd58a18316fc6c177
  SHA1: 3d33e9001484c6436ab085e2b6b326811ad7b214
  SHA256: f566b41b9121778f4c91765966bb63b38f769eac637fb550aede2933ff004865
  SHA512: 194e77a0f56483447add49555e727709690f44c441b6d6c2f2a48edb50b72353dc82fff8f1da259d03bbad5afbce5d78fd5ee7fd7a67ea35922d69df9b1e0d93
- Filesize: 5KB
  MD5: 16a8a0a2847cb5bdf6bd70b96cf2559e
  SHA1: 79ca6a0edaf58a6042040430a4c287c9dc06fb35
  SHA256: 8dc7fbe2e856d8a0f62ad357d452415d70bca13763ff1f5482bee8b866557f79
  SHA512: 223a3ae7046b842f4f8b2a8e1593b9e34bca9c7b299f42c7848224af9f72191455dfe9aef7bc2aa7b5a5280fedb31a56a5f119e28e5d9958d947e9399b69edb1
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 58b1d80ebb29097d09e38ef0d76adeee
  SHA1: d0e3bdd70e9df52915f32c85da0a5d26dd04769d
  SHA256: 4ea259d3079efb696f5bb3dadf4a612258e8f0b8f8fe98c980854161a9e13604
  SHA512: 34072fd2109c4b7584a6462ca23e67f36a752bd38d85ecacf3a0ec580006bbdd631090e948f5514626a9abdfd8cf4dc1063a6f1b9a534cdb82a062862910d07e